<?php
	include("admin-commons.php");

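	// Cookie values are supplied by the client. Read them defensively: a missing
	// cookie or an array-valued one (user[]=...) is treated as "not logged in".
	$user = (isset($_COOKIE['user']) && is_string($_COOKIE['user'])) ? $_COOKIE['user'] : '';
	$hash = (isset($_COOKIE['hash']) && is_string($_COOKIE['hash'])) ? $_COOKIE['hash'] : '';
	// NOTE(review): $hash is read but never verified anywhere in this file, so the
	// gate below only proves that a non-empty "user" cookie was sent, not that the
	// sender authenticated. Confirm whether admin-commons.php provides a
	// session/hash verification routine and call it here before rendering the page.
	if (strlen($user) == 0)
	{
		echo "<html>\n";
		echo "<h2>You must be logged in to view this page, you have been reported.</h2>\n";
		echo "</html>\n";
		die();
	}
	/* Begin Page */
	pageHeader();
	adminNavigation();
	contentHeader();
	// Same defensive read for the form fields: absent or non-string values become
	// empty strings, which routes the request to the blank form below.
	$page = (isset($_POST['page']) && is_string($_POST['page'])) ? $_POST['page'] : '';
	$title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
	$body = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';
	echo "<h2>Publish Content</h2>\n";
	if (strlen($page) == 0 || strlen($title) == 0 || strlen($body) == 0) {
		getContent();
	} else {
		// NOTE(review): no anti-CSRF token is checked before this state-changing
		// call; the request is accepted on the strength of the cookies alone.
		publishContent($page, $title, $body);
	}
	// contentFooter() is defined outside this file. The cookie value is
	// HTML-escaped here in case the footer writes its argument into the page as-is.
	contentFooter("You are logged in as ".htmlspecialchars($user, ENT_QUOTES));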
	
	/* FUNKtions */
	
	/**
	 * Print the "publish content" form: a title field, a drop-down of target
	 * pages, an article textarea and a submit button, posting to author.php.
	 *
	 * The function takes no input and writes static markup only.
	 * NOTE(review): the form contains no hidden anti-CSRF field, and the page
	 * list is only a client-side hint; the receiving code has to validate
	 * the submitted "page" value itself.
	 */
	function getContent() {
		// Target pages offered in the drop-down, in display order.
		$pageNames = array("index", "jobs", "press", "privacy", "products", "testimonials");
		$optionMarkup = "";
		foreach ($pageNames as $pageName) {
			$optionMarkup .= "<option>".$pageName."</option>\n";
		}

		$formMarkup = "<form action=\"author.php\" method=\"post\">\n"
			."</br><b>Title</b></br>\n"
			."<input type=\"text\" name=\"title\"/></br>\n"
			."</br><b>Page</b></br>\n"
			."<select name=\"page\">\n"
			.$optionMarkup
			."</select></br>\n"
			."</br><b>Article</b></br>\n"
			."<textarea name=\"body\" rows=\"20\" cols=\"50\">\n"
			."</textarea></br>\n"
			// The submit button line is emitted without a trailing newline.
			."</br><input type=\"submit\" value=\"Publish Content\"/>"
			."</form></br></br>\n";

		echo $formMarkup;
	}
	
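	/**
	 * Insert one article row into the `articles` table of the "hpberry"
	 * database and print the outcome as HTML.
	 *
	 * The three arguments come straight from the request, so each is
	 * SQL-escaped before it goes into the statement and HTML-escaped before it
	 * is echoed back. The image column is always set to "stuxnet.jpg".
	 *
	 * The ext/mysql API used here has no prepared statements and was removed in
	 * PHP 7. Moving to mysqli or PDO with bound parameters would also require
	 * changing connectToDatabase(), which is defined outside this file.
	 *
	 * NOTE(review): $page is not checked against the set of pages the form
	 * offers, so any string can be stored in the page column.
	 *
	 * @param string $page  Name of the page the article is published to.
	 * @param string $title Article title.
	 * @param string $body  Article text.
	 * @return void
	 */
	function publishContent($page, $title, $body) {
		$sqlConnection = connectToDatabase();
		if (!$sqlConnection || !mysql_select_db("hpberry", $sqlConnection)) {
			// Keep driver details in the server log; the page shows a generic message.
			error_log("publishContent: database unavailable: ".($sqlConnection ? mysql_error($sqlConnection) : mysql_error()));
			echo "</br></br><b> > SQL Error:</b> the article could not be published.\n";
			echo "</br></br>\n";
			if ($sqlConnection) {
				mysql_close($sqlConnection);
			}
			return;
		}

		// Pass the link explicitly so escaping follows this connection's character set.
		// NOTE(review): this is only reliable when the charset was set with
		// mysql_set_charset() rather than a SET NAMES query; confirm in connectToDatabase().
		$pageSql = mysql_real_escape_string($page, $sqlConnection);
		$titleSql = mysql_real_escape_string($title, $sqlConnection);
		$bodySql = mysql_real_escape_string($body, $sqlConnection);

		// Single-quoted SQL literals: double quotes denote identifiers when the
		// server runs with ANSI_QUOTES, which would break the statement.
		$addArticle = "INSERT INTO articles (page, title, image, body) VALUES ('".$pageSql."', '".$titleSql."', 'stuxnet.jpg', '".$bodySql."')";

		if (mysql_query($addArticle, $sqlConnection)) {
			// Echo the original value HTML-escaped; the SQL-escaped copy is not safe in HTML.
			echo "</br></br> > Successfully published new article to ".htmlspecialchars($page, ENT_QUOTES)."\n";
		} else {
			// The driver message can quote parts of the submitted text, so it is
			// logged server-side instead of being written into the page.
			error_log("publishContent: insert failed: ".mysql_error($sqlConnection));
			echo "</br></br><b> > SQL Error:</b> the article could not be published.\n";
		}
		echo "</br></br>\n";
		mysql_close($sqlConnection);
	}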
	
?>